What is ISO 9001 Certification?

A company that has ISO 9001 certification means it has been awarded a certificate that verifies meets all relevant requirements of the ISO 9001 Standard. Naturally, the certifier must be an accredited one. (Bear with me, I'll explain below).

If you say you want to do ISO 9001 or get ISO 9001 certification, it means you want to achieve the status of holding an ISO 9001 certificate, and be listed on the world-wide register of organisations that hold one.

A certificate accepted internationally can only be awarded by an accredited certifier, after a formal audit by properly competent auditors. Accredited means they have the official right to issue certificates to that Standard. How to check a certifier is accredited. A certifier may also be called a certifying body, a registrar or even just 'the external auditor'. Examples of well-known certifiers include SAI Global, DNV, LRQA and SGS.

Assuming the auditor/s are satisfied that your system meets all applicable requirements of the Standard, and that proper process is followed, the certifier then issues a certificate to ISO 9001. What that particular certificate looks like will vary, because each certifier uses their own logo. But it will include the name of the certifier, the dates of issue and expiry, a unique identifying number, the relevant Standard it is issued for, and usually (though not always) the scope of the certification.

The certificate must also be current. Each certificate is valid for a period of 3 years from the date of issue. During this 3-year period of validity, auditor/s from the certifier return to verify that you are still meeting the requirements of the Standard. At a minimum, they will do an annual audit. At the end of the 3 years, a full recertification audit is done, then a new certificate is issued for a 3-year period. And so on.

Watchpoints

Don't say 'ISO certified'. ISO doesn't certify anyone; they manage and coordinate the development, publication and maintenance of Standards, but don't get involved with certification itself. They do, however, have a strong relationship with the IAF (International Accreditation Forum) who does oversee certification.

Do say 'ISO 9001 certification' or 'ISO 14001 certification' - that is, add the number of the Standard to indicate which kind of certification you mean.

Don't say 'ISO 9001 accreditation' - that term is only correct if you are referring to a certifier: the body that issues the certificate.

Do check the details on a certificate, including the dates to make sure the certificate is current, and the certification scope, to see what it covers.

Beware the certificate mill

A certificate mill is a company that simply grinds out certificates with no value at all.

A number of them operate overseas, in the USA, India and other countries, particularly those that are less well regulated. I have come across a couple in Australia also. Certificate mills are dubious and deceptive. They aren't accredited with the IAF, but they go to considerable trouble to pretend that they are legitimate, presumably in an attempt to fool the unwary and unsuspecting into thinking that their certificates are valid. Nothing could be further than the truth. Unfortunately, you usually need to be in the field, or very well informed, or even both, to even know they exist, let alone to spot them. But if you hear something like 'well, we're much cheaper because we don't pay all those fees to JAS-ANZ (or whoever your regional body is', consider that a major red flag.

Unfortunately anyone - provided they have zero ethics and enough willingness to be sneaky - can sit down at a computer, and whip up a certificate for any business. It may even look rather fancy: it'll will say something like "XYZ Co has 9001 Certification" and usually have quite a few (bogus) seals and logos on it.

They not only can, but the certificate mills do it regularly. But: the certificate has absolutely no value whatsoever.

It is not accepted by any large companies or government departments (who know the difference). It is not accepted internationally. You are not listed on the official world-wide register of companies holding valid certificates. And there are absolutely no controls over any shonky company that issues such certificates: no standard that they adhere to, no third-party overseeing them, no audits, no inspections, and thus, of course, no way to verify that they are operating according to a recognised Standard. None of the global companies and no government organisation in any country that I am aware of will touch such a 'certificate'.

So do take care: if you're offered a cheap deal on certification, or someone tells you 'we're much cheaper than all the other certifiers', beware. If you're given or shown any 'ISO 9001 certificate' and it's important to you that it's legitimate, always check that it is from an IAF accredited certifier. Caveat emptor!